malwarewikiaorg-20200223-history
DilmaLocker
DilmaLocker is a ransomware-type malware discovered by xXToffeeXx. It targets Brazilian Portuguese-speaking users.

Payload Transmission

DilmaLocker can be distributed by spam emails (infectious attachments), unofficial software download sources (freeware download websites, free file hosting websites, torrents, etc.), fake software update tools, and/or trojans.

Infection

Following successful infiltration, DilmaLocker encrypts files using AES-256 cryptography. During encryption, this malware appends the ".__dilmaV1" extension to filenames. For example, "sample.jpg" is renamed to "sample.jpg.__dilmaV1". After successfully encrypting files, DilmaLocker creates three additional files ("RECUPERE_SEUS_ARQUIVOS.html", "background.bmp" and "dilminha.dat"), placing them on the desktop. It then opens a pop-up window and sets the .bmp file as the desktop wallpaper. The HTML and .bmp files contain a ransom-demand message in Portuguese. The .bmp file also contains an image of Dilma Rousseff, ex-president of Brazil. The message states that files are encrypted and can only be restored using a unique password and a decryption tool. Unfortunately, this information is accurate. As mentioned above, DilmaLocker employs the AES-256 encryption algorithm, and a unique encryption/decryption key is generated for each victim. The cyber criminals store this key on a remote server, and victims are encouraged to purchase a decryption tool (with the key embedded within). The cost is R$3000 (approximately 1000 USD) in Bitcoin. The ransom must (supposedly) be paid within four days of encryption, otherwise the files are permanently deleted. To submit payment, victims are encouraged to contact the cyber criminals via the email address provided. It is also stated that victims can attach one selected file (up to 3 MB in size); this file is then decrypted and returned to the victim as a "guarantee" that restoring files is possible.
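As an added example, not part of the wiki entry: a defender-side triage script that walks a directory tree for the indicators described above (the ".__dilmaV1" extension and the three files dropped on the desktop), recovers the pre-encryption filenames, and returns a verdict. The victim-profile layout it builds is constructed test data, and the function names are this example's own.

```python
import tempfile
from pathlib import Path

# Indicators as described on this page: the appended extension and the
# three files DilmaLocker writes to the desktop after encryption.
ENCRYPTED_EXT = ".__dilmaV1"
DROPPED_FILES = {"RECUPERE_SEUS_ARQUIVOS.html", "background.bmp", "dilminha.dat"}


def scan_for_dilmalocker(root):
    """Walk `root` and collect DilmaLocker indicators as root-relative POSIX
    paths. Verdict: 'infected' if encrypted files and dropped artifacts are
    both present, 'suspicious' if only one kind is, otherwise 'clean'."""
    root = Path(root)
    encrypted, dropped = [], []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel, name = path.relative_to(root).as_posix(), path.name
        if name.endswith(ENCRYPTED_EXT):
            encrypted.append(rel)
        elif name in DROPPED_FILES:
            dropped.append(rel)
    encrypted, dropped = sorted(encrypted), sorted(dropped)
    # The extension is appended to the whole original name, so stripping it
    # recovers the pre-encryption name: sample.jpg.__dilmaV1 -> sample.jpg
    originals = [p[: -len(ENCRYPTED_EXT)] for p in encrypted]
    verdict = ("infected" if encrypted and dropped
               else "suspicious" if encrypted or dropped else "clean")
    return {"encrypted": encrypted, "original_names": originals,
            "dropped": dropped, "verdict": verdict}


def build_sample_tree(base):
    """Constructed victim-profile layout for testing: dummy bytes only, not a
    real sample, real ciphertext or real ransom-note content."""
    base = Path(base)
    (base / "Desktop").mkdir(parents=True, exist_ok=True)
    (base / "Documents").mkdir(parents=True, exist_ok=True)
    (base / "Documents" / "sample.jpg.__dilmaV1").write_bytes(b"\x00" * 16)
    (base / "Documents" / "untouched.txt").write_text("still readable")
    for name in DROPPED_FILES:
        (base / "Desktop" / name).write_bytes(b"placeholder")
    return base


def run_demo():
    """Scan a constructed infected profile and an empty directory."""
    infected = scan_for_dilmalocker(build_sample_tree(tempfile.mkdtemp()))
    clean = scan_for_dilmalocker(tempfile.mkdtemp())
    return infected, clean
```

On a real host, point scan_for_dilmalocker at the user profile root; a "suspicious" verdict with dropped files but no encrypted files is worth checking by hand, since the notes may have been copied or the extension renamed.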
Text presented within the DilmaLocker HTML file (Portuguese original):

O custo para descriptografar seus arquivos é de R$3000,00 ( três mil reais )
Não pode pagar? Tenha calma, vamos negociar, queremos apenas te ajudar ;)
Você tem direito a descriptografar um arquivo de graça. Escolha um e envie-nos por email ( até 3mb ).
O pagamento é aceito apenas em bitcoin. Não sabe usar? A gente ensina!
Todos os seus arquivos mais importantes foram criptografados utilizando o algoritmo AES de 256 bits. Mesma criptografia utilizada pelo governo americano para proteger segredos de estado. Ou seja, é IMPOSSÍVEL recuperar seus arquivos sem a senha correta.
Caso haja interesse em obter essa senha e recuperar seus arquivos, envie um email para dilmaonion@keemail.me contendo o arquivo dilminha.dat que foi criado em sua área de trabalho ( ele é seu identificador pessoal, não o perca ).
Não existe outra maneira de recuperar seus arquivos sem nossa ajuda, qualquer programa ou anti-vírus que você Utilize irá corromper seus arquivos e você perderá eles para sempre.
Assim que você nos enviar o pagamento, vamos te enviar a senha e o programa que ira fazer a descriptografia.
Quer alguma garantia? Envie-nos qualquer arquivo criptografado que iremos descriptografar e te devolver de graça.
Mas ande logo, em 4 dias seus arquivos serão deletados e nunca mais você irá recupera-los.
Aguardamos contato :)
Eu vivo de crime de computador porque não tenho tantas opções para viver com dignidade dentro do sistema.

This translates to:

The cost to decrypt your files is R$3000.00 (three thousand reais).
Can't pay? Take it easy, let's negotiate, we just want to help you ;)
You have the right to decrypt one file for free. Choose one and send it to us by email (up to 3 MB).
Payment is accepted only in bitcoin. Don't know how to use it? We'll teach you!
All of your most important files were encrypted using the 256-bit AES algorithm. The same encryption used by the US government to protect state secrets. In other words, it is IMPOSSIBLE to recover your files without the correct password.
If you are interested in obtaining this password and recovering your files, send an email to dilmaonion@keemail.me containing the file dilminha.dat that was created on your desktop (it is your personal identifier, do not lose it).
There is no other way to recover your files without our help; any program or anti-virus you use will corrupt your files and you will lose them forever.
As soon as you send us the payment, we will send you the password and the program that will perform the decryption.
Want some guarantee? Send us any encrypted file and we will decrypt it and return it to you for free.
But hurry: in 4 days your files will be deleted and you will never recover them.
We await your contact :)
I live off computer crime because I do not have many options to live with dignity within the system.

Categories: Ransomware, Win32 ransomware, Microsoft Windows, Win32, Trojan, Win32 trojan